PageRenderTime 39ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 0ms

/src/middleware/ewgi_session/ewgi_session_cookie_store.erl

http://github.com/skarab/ewgi
Erlang | 130 lines | 93 code | 13 blank | 24 comment | 1 complexity | 7f02cf5aa7f8b3318c7b7d636446c0bc MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception 
    

  1. %% @author Hunter Morris <hunter.morris@smarkets.com>
    2. 

  2. %% @author Davide Marquês <nesrait@gmail.com>
    3. 

  3. %% @copyright 2009 Smarkets Limited.
    4. 

  4. %%
    5. 

  5. %% @doc Cookie-based session store.
    6. 

  6. %% Based on smak_auth_cookie by Hunter Morris.
    7. 

  7. %% @end
    8. 

  8. %%
    9. 

  9. %% Licensed under the MIT license:
    10. 

  10. %% http://www.opensource.org/licenses/mit-license.php
    11. 

  11. 

  12. -module(ewgi_session_cookie_store).
    13. 

  13. -author('Hunter Morris <hunter.morris@smarkets.com>').
    14. 

  14. -author('Davide Marquês <nesrait@gmail.com>').
    15. 

  15. 

  16. %% Session Store API
    17. 

  17. -export([load_session/2, store_session/2, delete_session/2]).
    18. 

  18. 

  19. %% Usage examples
    20. 

  20. -export([create_example/1, delete_example/1]).
    21. 

  21. 

  22. -import(ewgi_util_cookie, [cookie_headers/5, cookie_safe_encode/1, cookie_safe_decode/1]).
    23. 

  23. 

  24. -include("ewgi.hrl").
    25. 

  25. 

  26. -define(DEFAULT_COOKIE_NAME, "session_id").
    27. 

  27. -define(ENCODER, ewgi_util_crypto).
    28. 

  28. -define(MAX_LENGTH, 4096).
    29. 

  29. 

  30. %%====================================================================
    31. 

  31. %% Session Store API
    32. 

  32. %%====================================================================
    33. 

  33. -spec load_session(ewgi_context(), list()) -> ewgi_context().
    34. 

  34. load_session(Ctx, [CookieName, _CookiePath, _SecureCookie, Timeout, IncludeIp, Key]=Args) ->
    35. 

  35.     case ewgi_api:get_header_value("cookie", Ctx) of
    36. 

  36. 	undefined ->
    37. 

  37. 	    ewgi_session:new_session(Ctx);
    38. 

  38. 	Cookies ->
    39. 

  39. 	    CookieValues = ewgi_util_cookie:parse_cookie(Cookies),
    40. 

  40. 	    case proplists:get_value(CookieName, CookieValues) of
    41. 

  41. 		undefined ->
    42. 

  42. 		    ewgi_session:new_session(Ctx);
    43. 

  43. 		SessionCookie ->
    44. 

  44. 		    case decode_cookie_contents(SessionCookie, Key) of
    45. 

  45. 			{error,_} = _Error ->
    46. 

  46. 			    %% DISPLAY ERROR!?
    47. 

  47. 			    ewgi_session:new_session(Ctx);
    48. 

  48. 			Session ->
    49. 

  49. 			    case ewgi_session:init_session(Ctx, Session, Timeout, IncludeIp) of
    50. 

  50. 				invalid_session ->
    51. 

  51. 				    %% DISPLAY ERROR!?
    52. 

  52. 				    Ctx_2 = ?MODULE:delete_session(Ctx, Args),
    53. 

  53. 				    ewgi_session:new_session(Ctx_2);
    54. 

  54. 				Ctx_2 ->
    55. 

  55. 				    Ctx_2
    56. 

  56. 			    end
    57. 

  57. 		    end
    58. 

  58. 	    end
    59. 

  59.     end.
    60. 

  60. 

  61. -spec store_session(ewgi_context(), list()) -> ewgi_context().
    62. 

  62. store_session(Ctx, [CookieName, CookiePath, SecureCookie, _Timeout, IncludeIp, Key]) ->
    63. 

  63.     Updated = ewgi_session:session_updated(Ctx),
    64. 

  64.     if Updated ->
    65. 

  65. 	    Session = ewgi_session:get_session(Ctx, IncludeIp),
    66. 

  66. 	    case ?ENCODER:encode(Key, term_to_binary(Session), ?MAX_LENGTH) of
    67. 

  67. 		{error, _} = _Error ->
    68. 

  68. 		    %% TODO: report this? To whom?
    69. 

  69. 		    Ctx;
    70. 

  70. 		EncryptedVal ->
    71. 

  71. 		    CookieVal = cookie_safe_encode(EncryptedVal),
    72. 

  72. 		    cookie_headers(Ctx, CookieName, CookieVal, CookiePath, SecureCookie)
    73. 

  73. 	    end;
    74. 

  74.        true -> %% nothing to do!
    75. 

  75. 	    Ctx
    76. 

  76.     end.
    77. 

  77. 

  78. delete_session(Ctx,  [CookieName, CookiePath, SecureCookie, _Timeout, _IncludeIp, _Key]) ->
    79. 

  79.     cookie_headers(Ctx, CookieName, [], CookiePath, SecureCookie).
    80. 

  80. 

  81. %%====================================================================
    82. 

  82. %% example functions on how to use the session middleware
    83. 

  83. %%====================================================================
    84. 

  84. -define(COOKIE_SIGNING_KEY, <<"ABCDEFGHIJKLMNOP">>).
    85. 

  85. -define(COOKIE_PATH, "/").
    86. 

  86. -define(SECURE_COOKIE, false).
    87. 

  87. -define(INCLUDE_IP, true).
    88. 

  88. -define(SESSION_TIMEOUT, 15 * 60 * 1000). %% 15 minutes
    89. 

  89. -define(COOKIE_STORE_ARGS, [
    90. 

  90. 			    "cookie_session_id",
    91. 

  91. 				?COOKIE_PATH,
    92. 

  92. 			    ?SECURE_COOKIE,
    93. 

  93. 			    ?SESSION_TIMEOUT,
    94. 

  94. 			    ?INCLUDE_IP,
    95. 

  95. 			    ?COOKIE_SIGNING_KEY
    96. 

  96. 			   ]).
    97. 

  97. 

  98. create_example(Ctx) ->
    99. 

  99.     SessionApp = fun ewgi_session:session_create_app/1,
    100. 

  100.     Ctx1 = ?MODULE:load_session(Ctx, ?COOKIE_STORE_ARGS),
    101. 

  101.     Ctx2 = SessionApp(Ctx1),
    102. 

  102.     ?MODULE:store_session(Ctx2, ?COOKIE_STORE_ARGS).
    103. 

  103. 

  104. delete_example(Ctx) ->
    105. 

  105.     SessionApp = fun ewgi_session:session_delete_app/1,
    106. 

  106.     Ctx1 = ?MODULE:load_session(Ctx, ?COOKIE_STORE_ARGS),
    107. 

  107.     Ctx2 = SessionApp(Ctx1),
    108. 

  108.     ?MODULE:store_session(Ctx2, ?COOKIE_STORE_ARGS).
    109. 

  109. 

  110. %%====================================================================
    111. 

  111. %% Internal functions
    112. 

  112. %%====================================================================
    113. 

  113. -spec decode_cookie_contents(string(), list()) -> any() | {'error', any()}.
    114. 

  114. decode_cookie_contents(Cookie0, Key) ->
    115. 

  115.     case cookie_safe_decode(Cookie0) of
    116. 

  116.         <<>> ->
    117. 

  117. 	    {error, {decode_cookie_contents, no_data}};
    118. 

  118.         Cookie when is_binary(Cookie) ->
    119. 

  119. 	    case ?ENCODER:decode(Key, Cookie) of
    120. 

  120. 		{error, _} = Error ->
    121. 

  121. 		    Error;
    122. 

  122. 		Content when is_binary(Content) ->
    123. 

  123. 		    case (catch(binary_to_term(Content))) of
    124. 

  124. 			{'EXIT', Error} ->
    125. 

  125. 			    {error, {decode_cookie_contents, Error}};
    126. 

  126. 			Session ->
    127. 

  127. 			    Session
    128. 

  128. 		    end
    129. 

  129. 	    end
    130. 

  130.     end.
    131. 

  131.